At the NY/NJ OWASP meeting last week, I gave an experimental high-level (i.e. not really technical) talk that I call “Memory Corruption, Exploitation, and You.” The talk is essentially a few rants stapled together, all relating to exploits, but also trying to predict where attackers in the wild will be headed in the next couple of years. One of the points that I tried to make (and will be trying to make in upcoming talks as well) is that the threat environment has changed from what I call “getting hacked by accident” (non-targeted mass malware attacks) to an increased prevalence and awareness of targeted attacks in the wild, often using 0day vulns/exploits and custom malware. Responding to this requires changing several aspects of our mindset about network defense and vulnerability handling.
